A “Service Desk” is a primary tool for information technology (IT) service management and customer support. The service desk is intended to provide a single point of contact (“SPOC”) to meet the communications needs of both users and IT and to satisfy both customer and IT provider objectives. Many organizations have implemented a central point of contact for handling customer, user and related issues. This function is known under several titles often interpreted as having increasing levels of business relevance, including a call center, service center and help desk.
The IT infrastructure library approach to a service desk acts as the central point of contact between service providers and users/customers, on a day-to-day basis. It is also a focal point for reporting Incidents and for users making service requests. It handles incidents and service requests, as well as providing an interface, with users, for other service management activities such as change, problem, configuration, release, service level and IT service continuity management.
The service desk pro-actively keeps users informed of all relevant service events, actions and service changes that are likely to affect them. The service desk is in the direct line of any impact on the “service level” agreement and as such should be kept rapidly informed of any planned or unexpected changes or service unavailability.
In current practice, service desk applications typical consist of some combination of the following components: (1) call center automation—The call center automation component handles interactions between end users and service desk analysts. Traditionally it focuses on telephone call, but it may include any interaction mechanism such as email and instant message; (2) incident reporting and tracking—The incident reporting system tracks incident reports—often referred to as trouble tickets—from their creation to resolution. The basic life cycle of an incident is (a) registration, (b) evaluation, and (c) fulfillment; (3) problem determination aids—problem diagnostics aids consist of a diagnostics system that uses one or more diagnostic paradigms. Examples of diagnostic paradigms include keyword matching, full text search, decision trees, and artificial intelligence techniques; (4) integration with network and system monitoring applications—Automated systems that monitor the state of an IT environment are often integrated with the incident tracking system. Such systems create incident reports when they detect fault conditions in the environment; (5) asset management systems—The asset management system provides reasonable current information about the state of the environment that can be utilized by other components; (6) change management systems—The change management system manages the approval process for changes to the IT environment. It may also track the implementations of the changes. In the context of a service desk, this may be limited to changes required to implement solutions to a problem; (7) service management systems—The service management system handles the dispatch and tracking of service personnel required to implement a problem solution.
The diagnostic system has knowledge about potential problems and their solutions. Such knowledge typically comes from three sources: (1) predefined knowledge provided by a third party. This knowledge is generally tied to a specific type of resource such as a specific vendor database. It does not take into account any of the specific characteristics of a given installation, thus it may be used without change by any installation that has the same resource type to which it pertains. (2) site-specific knowledge. This knowledge is similar in structure to the predefined knowledge, but it is created to reflect a specific operating environment. Because of this it can take into account know configurations and relationships in the environment. (3) historic knowledge. This is the result of previous successful problem diagnoses. It can be thought of as learning from experience.
Analyzing symptoms described in a problem ticket and obtained by further interaction with the user submitting the ticket uses the knowledge. Essentially the diagnostic process attempts to create an accurate enough picture of the state of the environment such that only a single solution applies.
The service desk function has been standardized, which makes it easier to outsource service desks. Today, many service desk personnel are assigned accounts on servers that they manage, often times with more authorities than they actually require to do their job due to limitations in permissions within a product. While these accounts should only be used during actual problem resolution activities, these outsourcing conditions create security exposures because these accounts are always available and are constantly being accessed.
When service desk activities are outsourced, multiple companies will outsource these functions to the same service desk organization. Although information for different organizations may be located in different locations, the service desk personnel can have constant access to all servers. This access even when there is no specific and pending service desk issue creates this security risk.
There remains a need for a service desk method and system to protect against unnecessary access to data in situations where account data is stored in a system containing data from multiple organizations. There is also a need for a method and system that minimizes security exposure through dynamic account creation and destruction.